The woman's manager said that type job would give access to information such as dates of birth and Social Security numbers. She has been charged with 17 counts of identity theft.

"[She] would have had access to patient information including birth dates and Social Security numbers." - Government hospital's lab manager

As is too often the case with identity theft, law enforcement, not the organization holding the PII, discovered the thefts. Rather than wait to learn about data privacy breaches, organizations proactively detect them with low-cost on-demand SaaS analytics services.

Monday, March 30, 2015

An employee of a health insurance plan has been charged with stealing over 5,500 policy holders' identities and then sharing them with a credit card fraud ring. The ring fraudulently obtained more than $742,000 in merchandise.

The identity theft fraud ring of 11 people was operating in Michigan and is being prosecuted by Assistant U.S. Attorney Abed Hammoud with the U.S. Attorney's Office for the Eastern District of Michigan in Detroit.

" the scheme stole information belonging to more than 5,500 policy holders from the company's information system." - NBC News

It is unclear how the identity thefts were discovered or over what period of time they occurred. Organizations seeking to detect identity theft proactively can utilize low-cost on-demand SaaS analytics services.

Friday, March 27, 2015

A Texas man has been sentenced to sixteen years in federal prison for leading an identity theft ring.

He obtained stolen identities in several ways, including recruiting a Federal National Mortgage Association (Fannie Mae) employee to steal over 1000 identities from her Fannie Mae workstation. He then used the IDs to withdraw money from bank accounts.

"[He] recruited a Federal National Mortgage Association (Fannie Mae) employee to steal more than 1000 identities from her Fannie Mae workstation." - DataBreaches.net

It seems the ID thefts were discovered by law enforcement, not the organizations holding the person identifying information (PII). Organizations seeking to proactively detect identity theft and privacy data breaches, rather than learn about them from third parties, can utilize low-cost on-demand SaaS analytics services.

Thursday, March 26, 2015

In 2013 alone, the IRS reports paying out about $5.8 billion in fraudulent tax refunds due to identity thefts.

When personal identifying information (PII) is stolen it can be used to open bank accounts, report wages, as well as obtain credit cards, or claim things like the earned income tax credit or other tax benefits.

"[Stolen] Social Security numbers are used to open bank accounts, report wages, as well as obtain credit cards or even collect fraudulent tax refunds." - The Standard Daily

In many cases victims IDs are stolen by employees or other insiders at an organization and the thefts are not discovered until law enforcement is involved. However, rather than learn of the thefts from third parties, organizations can proactively detecting such identity theft with low-cost on-demand SaaS analytics services.

"[The ID thefts took place] from January 2012 to May 2014." - Orlando Sentinel

It is unclear why the IDs thefts went on for over two years. The ID thefts were discovered by law enforcement. Healthcare organizations seeking to proactively detect identity theft and data privacy breaches can utilize low-cost on-demand SaaS analytics services.

Tuesday, March 24, 2015

Since 2009, there have been more than 1,100 health data breaches that have affected more than 120 million people, according to a review of the HHS data by the Washington Post.

Rachel Seeger, an HHS Office for Civil Rights spokesperson, said, "Health care organizations need to make data security central to how they manage their information systems and to be vigilant in assessing and addressing the risks to data on a regular basis."

"Industry experts expect the number of health data breaches to increase in 2015." - iHealthBeat.org

The risk of health data breaches by insiders can be addressed with proactive detection using low-cost on-demand SaaS analytics services.

Monday, March 23, 2015

A hospital worker in Alabama has pleaded guilty to stealing patient identities with the intent of using them to file for fraudulent tax refunds.

The case ignited a multi agency federal investigation. The hospital from which the IDs were stolen stated the U.S. Postal Service and Internal Revenue Service conducted a probe.

"This is likely only the tip of the iceberg. There’s no telling how many people are affected by this." - Attorney, Adam Jones

As is too often the case, the hospital was unaware of the identity thefts until they were notified by law enforcement. Healthcare organizations seeking to proactively detect identity thefts and privacy data breaches can utilize low-cost on-demand SaaS analytics services.

Friday, March 20, 2015

A Texas nurse has been accused of stealing the identities from dozens of fellow hospital workers and possibly of patients.

She has been arrested for credit card abuse for allegedly stealing personal information (PII) and using it to open credit cards in other people's names. As a nurse who worked in hospitals as well as in home healthcare she had access not only to employee information but patient information as well.

"She's a nurse and she has access to not only employee information but patient information, as well." - Lakeview police

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.

Monday, March 16, 2015

Veriphyr and Dairy Queen, sponsors of Children's Miracle Network Hospitals, invite you to participate in Free Cone Day on March 16, 2015.

Dairy Queen, in honor of their 75th anniversary, is giving away free ice cream cones. In lieu of payment the company is asking for donations to support local Children's Miracle Network Hospitals.

"The Free Cone Day will also be a fundraiser for Children’s Miracle Network Hospitals." - Dairy Queen

Children’s Miracle Network Hospitals

Children’s Miracle Network Hospitals is a charity that raises funds for more than 170 children's hospitals. Donations to Children’s Miracle Network Hospitals are used to provide charitable care, purchase life-saving equipment, and fund research and education programs that save and improve the lives of 17 million children each year.

Why Veriphyr Supports Children’s Miracle Network Hospitals
Like our customers, Veriphyr is committed to doing the right thing for our customers and communities. Veriphyr gives back to the communities by contributing a part of each sale to the Children’s Miracle Network Hospitals in the customer's community as well as donating our proactive privacy breach detection SaaS analytics service to CMNH hospitals.

Friday, March 13, 2015

A California man is claiming a neighbor, who is a county social worker, gathered private information about him from the county databases.

The man said the neighbor knew details of his medical disability that he thought were being kept private by the county. He asked the county as well as the Office of Civil Rights to investigate and they found inappropriate access of his records by the neighbor.

"Without privacy there is no confidence in the system." - Nancy Palandati, chairwoman of the American Civil Liberties Union’s Sonoma County chapter

Unfortunately the privacy breach was not detected until the victim asked for an investigation. Organizations seeking to detect breaches proactively, rather than learn about them from third parties, can utilize low-cost on-demand SaaS analytics.

Thursday, March 12, 2015

An former employee of the Social Security Administration (SSA), and eight others, were sentenced to federal prison for their involvement in a $5 million identity theft tax fraud ring.

The SSA worker was recruited to steal identities from the database which were then used to file fraudulent tax returns. The scheme involved stolen identities from more than 1,000 people, according to Acting U.S. Attorney John Horn said in an emailed statement.

"tax refund claims using stolen identities threaten the integrity of our federal income tax system and pose a real danger to the credit history and financial security of the individuals whose identities are stolen." - Acting US Attorney John Horn

It seems the identity thefts were discovered by law enforcement, rather than the organization holding the personal identifying information (PII). Organizations seeking to proactively detect identity thefts and privacy data breaches can utilize low-cost on-demand SaaS analytics services.

Unfortunately the online retailer only became aware of the crime after multiple customers complained they received gift cards with no credits applied to them. Organizations seeking to detect such insider theft can utilize low-cost on-demand SaaS analytics services.

Thursday, March 5, 2015

A Canadian government agency that handles driver's licenses and vehicle registration is investigating inappropriate access of their database by an employee.

In January the agency "was alerted that an individual’s personal information may have been inappropriately accessed by an employee." A subsequent investigation found the employee had breached the personal information of 17 people.

"This matter is a very serious concern to us as we hold drivers’ and vehicle owners’ personal information in the strictest of confidence." - Service NL​ Minister Tony Cornect

It seems the agency's investigation was prompted by information from a third party. Organizations seeking to proactively detect identity theft and privacy data breaches, rather than learn about them from third parties, can utilize low-cost on-demand SaaS analytics services.

Wednesday, March 4, 2015

A registered nurse with a history of narcotics thefts has been accused of illegally accessing a state database of prescription records for 1 million Minnesotans.

It seems the nurse's access to the database was not shut off when his job was assigned to someone else. As a result he was able to illegally access patient records for eight months until an audit found the error.

"Yes, it’s very clear under federal law and state law that you can only access the data when you have a need to access the data." - Minnesota Board of Pharmacy executive director Cody Wiberg

Unfortunately it's not uncommon for access rights to be left active after an employee leaves their position. Therefore frequent auditing of who has which access rights must be done on a regular basis. This is easily accomplished with low-cost on-demand SaaS analytics services.

Tuesday, March 3, 2015

The International Association of Privacy Professionals (IAPP) has invited John Vastano, PhD, to speak at their Global Privacy Summit in Washington, DC, March 4-6 2015.

Dr. Vastano will lead an active learning session "Get Sleuthy: How to Detect Data reaches and Insider Identity Theft." The hands-on format will allow attendees to walk away with techniques to proactively detect data privacy breaches and insider theft at their organizations using software they already have.

"The IAPP is world’s largest global information privacy community."

The session will also review the current state of and statistics on healthcare privacy breaches and identity thefts. As well as how recent legal cases affect class action suits, fines and penalties.

Monday, March 2, 2015

As an official partner of Children’s Miracle Network Hospitals, Veriphyr wants to encourage everyone to support IHOP’s National Pancake Day on Tuesday, March 3, 2015.

IHOP Restaurants and Veriphyr partners with Children’s Miracle Network Hospitals to help improve the lives of millions of sick children. We welcome the opportunity to collaborate with IHOP in support of this great cause and, frankly, we’d hate for you to miss out on free pancakes!